Marcin Antkiewicz marcinantkiewicz

## README.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                marcinantkiewicz
                / README.md
            
            
              Created
              September 12, 2018 15:25
                — forked from joyrexus/README.md
            
              
                collapsible markdown
              
          
    collapsible markdown?

CLICK ME

yes, even hidden code blocks!

print("hello world!")

  
## unifi system setup
USG and UAP - security gateway and access ponit adoption/initial config
- devices want to live on 192.168.1 network.
- IP address can be set through the controller, in the Networks tab, or using CLI (configure, set interfaces ethernet eth1 address 10.10.10.1/24, delete interfaces ethernet eth1 address 192.168.1.1/24,
commit)
- the DNS name used in the Controller tab must resolve to the right IP, else succesful adoption will requie login to the device and "mca-cli, set-inform http://controller-IP-or-resolving-fqdn):8080/inform


Controller setup:
-- runs fine in docker
-- cloud key is convenient, but it was flakey for me. This is not expected, people have good luck with them.

## Bluetooth_references.md

      
              1 file
            
          
              1 fork
            
          
              0 comments
            
          
              0 stars
            
          
                marcinantkiewicz
                / Bluetooth_references.md
            
            
              Last active
              June 14, 2018 10:15
            
              
                Resources for bluetooth monitoring (ubertooth)
              
          
    Ubertooth

For docs go to the source. Lots of outdated info floating around the Internet: https://github.com/greatscottgadgets/ubertooth/

Yes, first step is to update the firmware.


hardware: various all over the world, Amazon too. Cheapest (2017, $120 shipped): https://www.sparkfun.com/products/10573
You will also want a normal bluetooth interface. Built in, or "Amazon Basics" work. I like to have a dedicated one.


Setup:

  
## arp scan in bash (8e529d216b4252a866882c0c77c945f9)
function msa_scan_arp () {
## Discover hosts on a /24 that respond to arp requests.
#  Write information about hosts that responded to a file.
#
# ex: msa_resolve_arp 192.168.1 arp-scan.txt
# yep, this is an ugly hack
# arping -w should provide a qicker timeout for IPs that do not respond, but it works in a way I do not seem to understand.

  NET=$1; shift;
  FILENAME=$1; shift

## bonding ifaces for monitoring
auto bond0
iface bond0 inet static
  address 10.1.10.1
  netmask 255.255.255.0
  hwaddress ether aa:aa:aa:aa:aa:aa            # else mac can float based on what's bonded
  post-up ifenslave bond0 eth1 eth2 eth3 eth4 eth5


# to verify/monitor
cat /proc/net/bonding/bond0

## Bootable USB drive on OSX
Movign a bootable ISO to USB drive on OSX:

- Insert the USB drive. For portability, format as FAT
- The drive will mount, unmount the volume (but do not "eject")

    user $ sudo diskutil unmountDisk /dev/disk2
    Unmount of all volumes on disk2 was successful

- I need a GPT partition, in place of some junk here, so OSX formating tools will work just fine:


## power saving linux laptop
#https://geoff.greer.fm/2017/07/16/thinkpad-x62/

#!/bin/sh

# Disable the NMI watchdog
echo '0' > '/proc/sys/kernel/nmi_watchdog';

# Runtime power management for I2C devices
for i in /sys/bus/i2c/devices/*/device/power/control ; do
  echo auto > ${i}

## ocsp-stapling.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                marcinantkiewicz
                / ocsp-stapling.md
            
            
              Created
              September 19, 2017 03:14
                — forked from sleevi/ocsp-stapling.md
            
          
    On Twitter the other day,
I was lamenting the state of OCSP stapling support on Linux servers, and got
asked by several people to write-up what I think the requirements are for OCSP
stapling support.


Support for keeping a long-lived (disk) cache of OCSP responses.
This should be fairly simple. Any restarting of the service shouldn't
blow away previous responses that were obtained. This doesn't need to be
disk, just stable - and disk is an easy stable storage for most server


## find-chrome-extensions.ps1
# https://gist.github.com/marcinantkiewicz/9ac20677145f246eb01cd1759cb03f35
# Author: Marcin Antkiewicz
# marcin@kajtek.org
# @deciban

# Use:
#find_chrome_extensions -OutputDir "c:\"

#idea ref: https://www.reddit.com/r/PowerShell/comments/5px71w/getting_chrome_extensions/
#PS 2.o has no convertfrom-json, 2.0 helper from http://stackoverflow.com/questions/28077854/powershell-2-0-convertfrom-json-and-convertto-json-implementation

## iptables
1) DHCP - iptables rules are not reuqired to make DHCP work.
Linux kernel will not send traffic via ethernet interface untill it has an IP address assigned. DHCP client uses raw sockets to
communicate with the DHCP server, which happens before Iptables have change to process the traffic.

2) iptables rule = classifier (iptable match) + action (iptables target)

Chains in which rules are applied:
- mangle - used to control TOS attributes, MARKs, TTL. Single table.
- filter - policy decision take place here. Tables: forward (target behind firewall, input (traffic to firewall), output (return, or originating traffic).
- nat - changes to src/dst IPs. Tables:
	USG and UAP - security gateway and access ponit adoption/initial config
	- devices want to live on 192.168.1 network.
	- IP address can be set through the controller, in the Networks tab, or using CLI (configure, set interfaces ethernet eth1 address 10.10.10.1/24, delete interfaces ethernet eth1 address 192.168.1.1/24,
	commit)
	- the DNS name used in the Controller tab must resolve to the right IP, else succesful adoption will requie login to the device and "mca-cli, set-inform http://controller-IP-or-resolving-fqdn):8080/inform


	Controller setup:
	-- runs fine in docker
	-- cloud key is convenient, but it was flakey for me. This is not expected, people have good luck with them.
	function msa_scan_arp () {
	## Discover hosts on a /24 that respond to arp requests.
	# Write information about hosts that responded to a file.
	#
	# ex: msa_resolve_arp 192.168.1 arp-scan.txt
	# yep, this is an ugly hack
	# arping -w should provide a qicker timeout for IPs that do not respond, but it works in a way I do not seem to understand.

	NET=$1; shift;
	FILENAME=$1; shift
	auto bond0
	iface bond0 inet static
	address 10.1.10.1
	netmask 255.255.255.0
	hwaddress ether aa:aa:aa:aa:aa:aa # else mac can float based on what's bonded
	post-up ifenslave bond0 eth1 eth2 eth3 eth4 eth5


	# to verify/monitor
	cat /proc/net/bonding/bond0
	Movign a bootable ISO to USB drive on OSX:

	- Insert the USB drive. For portability, format as FAT
	- The drive will mount, unmount the volume (but do not "eject")

	user $ sudo diskutil unmountDisk /dev/disk2
	Unmount of all volumes on disk2 was successful

	- I need a GPT partition, in place of some junk here, so OSX formating tools will work just fine:
	#https://geoff.greer.fm/2017/07/16/thinkpad-x62/

	#!/bin/sh

	# Disable the NMI watchdog
	echo '0' > '/proc/sys/kernel/nmi_watchdog';

	# Runtime power management for I2C devices
	for i in /sys/bus/i2c/devices/*/device/power/control ; do
	echo auto > ${i}
	# https://gist.github.com/marcinantkiewicz/9ac20677145f246eb01cd1759cb03f35
	# Author: Marcin Antkiewicz
	# marcin@kajtek.org
	# @deciban

	# Use:
	#find_chrome_extensions -OutputDir "c:\"

	#idea ref: https://www.reddit.com/r/PowerShell/comments/5px71w/getting_chrome_extensions/
	#PS 2.o has no convertfrom-json, 2.0 helper from http://stackoverflow.com/questions/28077854/powershell-2-0-convertfrom-json-and-convertto-json-implementation
	1) DHCP - iptables rules are not reuqired to make DHCP work.
	Linux kernel will not send traffic via ethernet interface untill it has an IP address assigned. DHCP client uses raw sockets to
	communicate with the DHCP server, which happens before Iptables have change to process the traffic.

	2) iptables rule = classifier (iptable match) + action (iptables target)

	Chains in which rules are applied:
	- mangle - used to control TOS attributes, MARKs, TTL. Single table.
	- filter - policy decision take place here. Tables: forward (target behind firewall, input (traffic to firewall), output (return, or originating traffic).
	- nat - changes to src/dst IPs. Tables: